NoVirusThanks OSArmor

Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
Umbra said:
...
To me, delivery is not exploitation, exploitation is the act of abusing a vulnerability. Eternal Blue is an kernel exploit, it abuse a vulnerability.
Default-deny tools (anti-exe, etc...) don't prevent exploitation of vulnerabilities.
The only thing they can do, is they will prevent (as you said) either delivery of the exploit or the post-exploitation part of the attack chain (like abusing rundll32.exe, etc....)

Anti-Exploit software are HMPA, MBAE, Windows 10 Exploit Protection and some components in suites, which can prevent exploitation of vulnerabilities, which occurs most of the time via memory attacks.

There is no such thing as "basic anti-exploit", this is just marketing shenanigans made by some vendors to make their solutions more appealing. And many fall for it and parrot it across boards, so unaware people believe that your so-called basic anti-exploit (aka Default-Deny) will protect them from in-memory REAL exploits/attacks.
Click to expand...
That is correct. OSA does not detect exploiting methods, so it cannot be an anti-exploit software. But still, it is the software with several anti-malware and anti-exploit prevention abilities.
 
Last edited:
  • Like
Reactions: [correlate], JB007, simmerskool and 5 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
Sampei Nihira said:
Almost certainly.
But the important thing is that it has stopped the DEP Exploit Test which is not blocked by MBAE.
This is interesting to me.;)
Click to expand...
"This test allocates a piece of non-executable memory on the heap and copies shellcode to start calc.exe
to this memory. Then it jumps to that shellcode. This will trigger a DEP exception which, in case of
HitmanPro.Alert, will be intercepted."
Like several methods in this test, it is constructed from two parts: Exploiting method + executing the payload

HitmanPro will detect and block the exploiting method - this is what anti-exploit should do.
OSA will block the payload execution, as post-exploitation (post-infection) prevention.
 
  • Like
  • +Reputation
Reactions: [correlate], JB007, simmerskool and 6 others
F

ForgottenSeer 823865

Andy Ful said:
HitmanPro will detect and block the exploiting method - this is what anti-exploit should do.
OSA will block the payload execution, as post-exploitation (post-infection) prevention.
Click to expand...
You found the right sentencing ;)

More people should be aware of the distinction and don't misunderstand/mix them. Reason i'm quite irritated by some vendors knowingly doing it for marketing purposes, hence misleading unaware users.

"stopping a bullet isn't same as putting a bandage on its wound"
 
Last edited by a moderator:
  • Like
Reactions: [correlate], JB007, Anker_by and 8 others
Sampei Nihira

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
Ah, you are always here discussing OSA !! :)
Well, it means that the software is interesting.
In fact, I use it together with MBAE.

But in the other PC the security configuration and even the browser are different.
So the security configuration would be different if I had another pc.
This diversity would be an additional protection for all PCs.
 
  • Like
Reactions: [correlate], JB007, South Park and 4 others
F

ForgottenSeer 823865

It is what i like with NVT, they stick to the purpose of the product whatever it is ERP, OSA, or SOB. not bloating them with unneeded features, so they keep being efficient and doesn't require much maintenance.


If I was still on Win10 Home, OSA would be part on my security setup.
Even on Win10 Ent, I miss using it, the custom rules implementation is way too good and efficient.
 
  • Like
Reactions: [correlate], oldschool, Protomartyr and 3 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,256
Hello guys, hope all of you are fine during this particular situation.

Just wanted to let you know about some updates:

We've been working the past 8+ months on cloud-based services, such as APIVoid - a service that offers JSON APIs for threat analysis and detection, more information here:
Threat Analysis APIs for Threat Detection & Prevention | APIVoid

We're now back on track but to keep up with software development (time, code sign, certificates, servers, testings, fixes, updates, etc) we'll change a few things, one of which is that OSArmor and other software will become subscription-based.

The new version of OSArmor will be available soon for subscribed users.

We've mostly finished working in the auto-update of OSArmor so it will safely update to new versions automatically without user intervention. Plus we've added options to update CustomBlock.db and Exclusions.db rules from a remote URL, that should be useful to companies.

I'll have some updates on this soon (no parallel projects now so we're working on these changes full time).

We have other good news, but lets first complete this "phase 1".

Will keep you updated here regularly.
Click to expand...
www.wilderssecurity.com

NoVirusThanks OSArmor: An Additional Layer of Defense

I have Edge now so no need to block it anyway for me. I just wanted to let people know that the New Edge is not getting blocked without a custom rule,...
www.wilderssecurity.com www.wilderssecurity.com

A copy paste of Andreas post at Wilders.

Sad to see that OSArmor and other software will be subscription-based from now on.
 
Last edited:
  • Like
  • Wow
  • +Reputation
Reactions: fabiobr, Mercenary, shmu26 and 19 others
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Gandalf_The_Grey said:
www.wilderssecurity.com

NoVirusThanks OSArmor: An Additional Layer of Defense

I have Edge now so no need to block it anyway for me. I just wanted to let people know that the New Edge is not getting blocked without a custom rule,...
www.wilderssecurity.com www.wilderssecurity.com

A copy past of Andreas post at Wilders.

Sad to see that OSArmor and other software will be subscription-based from now on.
Click to expand...
Honestly it is a quality piece of software and I don’t mind paying him for his work if the price is reasonable.
 
  • Like
Reactions: Mercenary, simmerskool, Andrew999 and 14 others
P

plat

Level 29
Top Poster
Sep 13, 2018
1,793
He didn't post this info over here, only at Wilders so far. :(
I don't know what to do right now. There is H_C, of course and if I could donate, I would instantly. But if one is used to OSArmor as a freeware....

Let's see how much he will ask as a subscription fee. I have a limit in mind already.
 
  • Like
  • +Reputation
Reactions: Mercenary, simmerskool, shmu26 and 10 others
EndangeredPootis

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
silversurfer said:
I wouldn't like to pay for this kind of development, how long time all about OSArmor was quiet and now after almost two years he decide to inform users what is going on from now, that isn't much user friendly at least from my point of view...
Click to expand...
Everyone, including all of us, have lives, sometimes a family, to take care of, it isnt really all that weird for developers to go quiet for a while.
 
  • Like
Reactions: ForgottenSeer 72227, Kermit80, Protomartyr and 5 others
NoVirusThanks

NoVirusThanks

From NoVirusThanks
Verified
Developer
Well-known
Aug 23, 2012
293
@Gandalf_The_Grey

Thanks for sharing the post here.

Just including below the two images from the post at wilders:

osarmor-new.png


changelog.png


@silversurfer @plat1098

Totally understand your points and that's fine.

We've had to handle many things happening during the past year (good and bad) and we had to lower the freeware software development.

Subscription pricing for home users will be definitely reasonable.

I will post updates here too regularly.
 
  • Like
  • Thanks
Reactions: fabiobr, Mercenary, simmerskool and 16 others
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
EndangeredPootis said:
Everyone, including all of us, have lives, sometimes a family, to take care of, it isnt really all that weird for developers to go quiet for a while.
Click to expand...
I agree with @silversurfer on this. Developers can also talk as everyone else and give information. Say nada/nothing for that extrem long time period don't really create the keyfactor, trust. Personal I would and will avoid this tool.
 
  • Like
Reactions: fabiobr, Mercenary, simmerskool and 11 others

Similar threads

way hodge
    • Like
    • HaHa
    • Wow
Advice Request TTB Internet Security [ Worst Antivirus Program for Mobile & Desktop ]
Replies
8
Views
682
Other security for Windows, Mac, Linux
cartaphilus
cartaphilus
Brownie2019
    • Like
New Update Avast One Basic It’s free
Replies
1
Views
367
Avast
Bot
Bot
D
    • Like
    • +Reputation
    • Love
For additional security/privacy: "MajorPrivacy" (upgraded from "PrivateWin10")
Replies
23
Views
1,845
System utilities
Digmor Crusher
Digmor Crusher

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top